Battle.net and Diablo III Account Security

Some players are dedicated to collecting sets of epic gear while others prefer to make some quick coin in the auction house. No matter what play style you prefer, we want to equip you with the tools and knowledge you need to protect yourself against account compromise. To help get you started, below you'll find a series of tips and suggestions aimed at improving your account and computer security.

You may have already run across some of this information on our account security awareness page, in one of our support articles, or posted on the forums. We want to make sure that as many players as possible do everything they can to help ensure their accounts are secure, so take some time to read over this refresher, secure your account, and share these tips and resources with your friends and fellow players.

Basic Preventative Steps:

There are a few "golden rules" for maintaining a secure Battle.net account. They're simple and straightforward, but they can help ensure that your account information doesn't get into the wrong hands.

Never give out your account information.
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you’re sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.

Practice good email and password security.
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name. For this reason, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.

Be mindful of phishing scams.
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of emails or in-game messages that appear to be sent by Blizzard employees. Sometimes these messages encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.

While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.

Grab an Authenticator.
The physical Battle.net Authenticator and Battle.net Mobile Authenticator app* are easy ways to add an additional level of security to your account. They work by providing a secure authentication code on command that's unique to your Battle.net account. After one of these two Authenticators is associated with your Battle.net account, you will be prompted to enter an authentication code when logging into the game client or Battle.net Account Management, adding another layer of protection against account compromises. (Note that by default, after you've successfully logged in with an Authenticator a certain number of times from a certain location, you won't be prompted for a code every time you log in. However, you can require Battle.net to ask for a code every time via Security Options in Account Management here.)

Battle.net SMS Protect is another handy security option. It's a free opt-in service which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes.

In addition to following the security basics above, you'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, and they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.

The advice listed below will help you combat this type of security risk and maximize your computer's security.

Install antivirus and anti-spyware software.
There are a number of programs that can help you identify and remove any viruses, Trojans, and/or keyloggers that may sneak onto your computer. If you're unsure of what software might be best for you, check out our support site for a list of recommendations.

Keep in mind that most antivirus and anti-spyware programs will regularly issue software updates to ensure that they're able to identify the latest malware threats, so be sure to install the most recent updates before beginning any new system scans.

Keep your browser and browser plug-ins up-to-date.
As with your anti-malware software and operating system, you'll want to keep your web browser as up-to-date as possible. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter (detailed further below).

Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. A lot of plug-ins and applications will prompt you to update automatically, but it's still a good idea to check the distributor websites on occasion to make sure you're running the latest versions.

Turn on your browser's phishing filter.
Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the Tools menu. Additional information about popular phishing filters can also be found here:
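The lookup a phishing filter performs, as an added example (this is not Blizzard's or any browser vendor's code). The two lists and the `.example` hosts are constructed for illustration, and the function names are hypothetical. It shows why the comparison has to be made on the parsed hostname rather than on the text of the link.

```javascript
// Constructed sample lists; a real filter queries a vendor-maintained database.
const TRUSTED = new Set(["battle.net", "blizzard.com"]);
const FLAGGED = new Set(["account-verify.example", "phish.example"]);

// True when host is the domain itself or a subdomain of it.
// The leading "." keeps "notbattle.net" from matching "battle.net".
function underDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function inList(host, list) {
  for (const domain of list) {
    if (underDomain(host, domain)) return true;
  }
  return false;
}

// Returns "flagged", "trusted" or "unknown" for a link.
function classifyUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "flagged"; // a link that cannot be parsed is treated as unsafe
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "flagged";
  // hostname is lower-cased and excludes any "user@" prefix and the port.
  const host = url.hostname.replace(/\.$/, "");
  if (inList(host, FLAGGED)) return "flagged";
  // Only encrypted connections to a listed domain count as trusted.
  if (url.protocol === "https:" && inList(host, TRUSTED)) return "trusted";
  return "unknown";
}

// Deliberately naive check, for contrast: substring match on the link text.
function naiveLooksTrusted(link) {
  return link.toLowerCase().includes("battle.net");
}
```

A link such as `https://battle.net.account-verify.example/login` passes the naive check but is classified as flagged, because the trusted name appears only as a subdomain label of a different site.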

While following these tips will go a long way to keeping your Battle.net account secure, no account-security method is 100% foolproof. If you ever find yourself affected by an account compromise, don't panic. Our in-game, account, and technical support representatives will work with you to restore your account. Our Help! I got Hacked! guide goes into all the details, and for more information be sure to review our restoration process for Diablo III. Rest assured that we've got your back (and your lewtz) should you need us.

Account security is incredibly important to us, and we hope that it's important to you, too. If you have any additional security recommendations to add to this list, please feel free to share them in the comments!